Results 1  10
of
55
Visual Cryptography for General Access Structures
, 1996
"... A visual cryptography scheme for a set P of n participants is a method to encode a secret image SI into n shadow images called shares, where each participant in P receives one share. Certain qualified subsets of participants can "visually" recover the secret image, but other, forbidden, se ..."
Abstract

Cited by 108 (9 self)
 Add to MetaCart
A visual cryptography scheme for a set P of n participants is a method to encode a secret image SI into n shadow images called shares, where each participant in P receives one share. Certain qualified subsets of participants can "visually" recover the secret image, but other, forbidden, sets of participants have no information (in an informationtheoretic sense) on SI . A "visual" recovery for a set X ` P consists of xeroxing the shares given to the participants in X onto transparencies, and then stacking them. The participants in a qualified set X will be able to see the secret image without any knowledge of Cryptography and without performing any cryptographic computation. In this paper we propose two techniques to construct visual cryptography schemes for general access structures. We analyze the structure of visual cryptography schemes and we prove bounds on the size of the shares distributed to the participants in the scheme. We provide a novel technique to realize k out of n thre...
Anonymous Secret Sharing Schemes
 Designs, Codes and Cryptography
, 1996
"... In this paper we study anonymous secret sharing schemes. Informally, in an anonymous secret sharing scheme the secret can be reconstructed without knowledge of which participants hold which shares. In such schemes the computation of the secret can be carried out by giving the shares to a black box t ..."
Abstract

Cited by 85 (7 self)
 Add to MetaCart
In this paper we study anonymous secret sharing schemes. Informally, in an anonymous secret sharing scheme the secret can be reconstructed without knowledge of which participants hold which shares. In such schemes the computation of the secret can be carried out by giving the shares to a black box that does not know the identities of the participants holding those shares. Phillips and Phillips gave necessary and sufficient conditions for there to exist an anonymous secret sharing scheme where the size of the shares given to each participant is equal to the size of the secret. In this paper, we provide lower bounds on the size of the share sets in any (t; w) threshold scheme, and for an infinite class of nonthreshold access structures. We also discuss constructions for anonymous secret sharing schemes, and apply them to access structures obtained from complete multipartite graphs. 1 Introduction Informally, a secret sharing scheme is a method of distributing a secret key among a set ...
On the Size of Shares for Secret Sharing Schemes
 Journal of Cryptology
"... A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any nonqualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the se ..."
Abstract

Cited by 78 (8 self)
 Add to MetaCart
(Show Context)
A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any nonqualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the secret. Sharing schemes are useful in the management of cryptographic keys and in multyparty secure protocols. We analyze the relationships among the entropies of the sample spaces from which the shares and the secret are chosen. We show that there are access structures with 4 participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size. This is the first proof that there exist access structures for which the best achievable information rate (i.e., the ratio between the size of the secret and that of the largest share) is bounded away from 1. The bound is the best possible, as we construct a secret sharing scheme for the above a...
Decomposition Constructions for Secret Sharing Schemes
 IEEE Trans. Inform. Theory
, 1998
"... The purpose of this paper is to decribe a very powerful decomposition construction for perfect secret sharing schemes. We give several applications of the construction, and improve previous results by showing that for any graph G of maximum degree d, there is a perfect secret sharing scheme for G w ..."
Abstract

Cited by 40 (4 self)
 Add to MetaCart
(Show Context)
The purpose of this paper is to decribe a very powerful decomposition construction for perfect secret sharing schemes. We give several applications of the construction, and improve previous results by showing that for any graph G of maximum degree d, there is a perfect secret sharing scheme for G with information rate 2=(d + 1). As a corollary, the maximum information rate of secret sharing schemes for paths on more than three vertices and for cycles on more than four vertices is shown to be 2=3. Keywords secret sharing scheme, graph access structure, information rate, linear programming. 1 Introduction and Terminology Informally, a secret sharing scheme is a method of sharing a secret key K among a finite set of participants in such a way that certain specified subsets of participants can compute the secret key K. The value K is chosen by a special participant called the dealer. We will use the following notation. Let P = fP i : 1 i wg be the set of participants. The dealer is ...
Secret Sharing Schemes with Bipartite Access Structure
, 1998
"... We study the information rate of secret sharing schemes whose access structure is bipartite. In a bipartite access structure there are two classes of participants and all participants in the same class play an equivalent role in the structure. We characterize completely the bipartite access struct ..."
Abstract

Cited by 32 (8 self)
 Add to MetaCart
We study the information rate of secret sharing schemes whose access structure is bipartite. In a bipartite access structure there are two classes of participants and all participants in the same class play an equivalent role in the structure. We characterize completely the bipartite access structures that can be realized by an ideal secret sharing scheme. Both upper and lower bounds on the optimal information rate of bipartite access structures are given.
On the Information Rate of Secret Sharing Schemes
 Theoretical Computer Science
, 1992
"... We derive new limitations on the information rate and the average information rate of secret sharing schemes for access structure represented by graphs. We give the first proof of the existence of access structures with optimal information rate and optimal average information rate less that 1=2 + ff ..."
Abstract

Cited by 30 (5 self)
 Add to MetaCart
(Show Context)
We derive new limitations on the information rate and the average information rate of secret sharing schemes for access structure represented by graphs. We give the first proof of the existence of access structures with optimal information rate and optimal average information rate less that 1=2 + ffl, where ffl is an arbitrary positive constant. We also consider the problem of testing if one of these access structures is a substructure of an arbitrary access structure and we show that this problem is NPcomplete. We provide several general lower bounds on information rate and average information rate of graphs. In particular, we show that any graph with n vertices admits a secret sharing scheme with information rate\Omega\Gammate/3 n)=n). 1 Introduction A secret sharing scheme is a method to distribute a secret s among a set of participants P in such a way that only qualified subsets of P can reconstruct the value of s whereas any other subset of P ; nonqualified to know s; cannot ...
Tight Bounds on the Information Rate of Secret Sharing Schemes
 Designs, Codes and Cryptography
, 1997
"... A secret sharing scheme is a protocol by means of which a dealer distributes a secret s among a set of participants P in such a way that only qualified subsets of P can reconstruct the value of s whereas any other subset of P; nonqualified to know s; cannot determine anything about the value of ..."
Abstract

Cited by 30 (0 self)
 Add to MetaCart
(Show Context)
A secret sharing scheme is a protocol by means of which a dealer distributes a secret s among a set of participants P in such a way that only qualified subsets of P can reconstruct the value of s whereas any other subset of P; nonqualified to know s; cannot determine anything about the value of the secret. In this paper we provide a general technique to prove upper bounds on the information rate of secret sharing schemes. The information rate is the ratio between the size of the secret and the size of the largest share given to any participant. Most of the recent upper bounds on the information rate obtained in the literature can be seen as corollaries of our result. Moreover, we prove that for any integer d there exists a dregular graph for which any secret sharing scheme has information rate upper bounded by 2=(d + 1). This improves on van Dijk's result [14] and matches the corresponding lower bound proved by Stinson in [22]. Index terms : Secret Sharing, Data Security,...
Characterizing Ideal Weighted Threshold Secret Sharing
 Second Theory of Cryptography Conference, TCC 2005. Lecture Notes in Comput. Sci. 3378
, 2005
"... Abstract. Weighted threshold secret sharing was introduced by Shamir in his seminal work on secret sharing. In such settings, there is a set of users where each user is assigned a positive weight. A dealer wishes to distribute a secret among those users so that a subset of users may reconstruct the ..."
Abstract

Cited by 28 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Weighted threshold secret sharing was introduced by Shamir in his seminal work on secret sharing. In such settings, there is a set of users where each user is assigned a positive weight. A dealer wishes to distribute a secret among those users so that a subset of users may reconstruct the secret if and only if the sum of weights of its users exceeds a certain threshold. On one hand, there are nontrivial weighted threshold access structures that have an ideal scheme – a scheme in which the size of the domain of shares of each user is the same as the size of the domain of possible secrets (this is the smallest possible size for the domain of shares). On the other hand, other weighted threshold access structures are not ideal. In this work we characterize all weighted threshold access structures that are ideal. We show that a weighted threshold access structure is ideal if and only if it is a hierarchical threshold access structure (as introduced by Simmons), or a tripartite access structure (these structures generalize the concept of bipartite access structures due to Padró and Sáez), or a composition of two ideal weighted threshold access structures that are defined on smaller sets of users. We further show that in all those cases the weighted threshold access structure may be realized by a linear ideal secret sharing scheme. The proof of our characterization relies heavily on the strong connection between ideal secret sharing schemes and matroids, as proved by Brickell and Davenport.
On secret sharing schemes, matroids and polymatroids
 Journal of Mathematical Cryptology
"... The complexity of a secret sharing scheme is defined as the ratio between the maximum length of the shares and the length of the secret. The optimization of this parameter for general access structures is an important and very difficult open problem in secret sharing. We explore in this paper the co ..."
Abstract

Cited by 18 (4 self)
 Add to MetaCart
The complexity of a secret sharing scheme is defined as the ratio between the maximum length of the shares and the length of the secret. The optimization of this parameter for general access structures is an important and very difficult open problem in secret sharing. We explore in this paper the connections of this open problem with matroids and polymatroids. Matroid ports were introduced by Lehman in 1964. A forbidden minor characterization of matroid ports was given by Seymour in 1976. These results are previous to the invention of secret sharing by Shamir in 1979. Important connections between ideal secret sharing schemes and matroids were discovered by Brickell and Davenport in 1991. Their results can be restated as follows: every ideal secret sharing scheme defines a matroid, and its access structure is a port of that matroid. In spite of this, the results by Lehman and Seymour and other subsequent results on matroid ports have not been noticed until now by the researchers interested in secret sharing. Lower bounds on the optimal complexity of access structures can be found by taking into account that the joint Shannon entropies of a set of random variables define a polymatroid.
Unidirectional key distribution across time and space with applications to RFID security
"... We explore the problem of secretkey distribution in unidirectional channels, those in which a sender transmits information blindly to a receiver. We consider two approaches: (1) Key sharing across space, i.e., via simultaneously emitted values that may follow different data paths and (2) Key sharin ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
We explore the problem of secretkey distribution in unidirectional channels, those in which a sender transmits information blindly to a receiver. We consider two approaches: (1) Key sharing across space, i.e., via simultaneously emitted values that may follow different data paths and (2) Key sharing across time, i.e., in temporally staggered emissions. Our constructions are of general interest, treating, for instance, the basic problem of constructing highly compact secret shares. Our main motivating problem, however, is practical key management in RFID (RadioFrequency IDentification) systems. We describe the application of our techniques to RFIDenabled supply chains and a prototype privacyenhancing system.